WannaCrypt NHS victim Lanarkshire infected by malware again

Infect me once, shame on you. Infect me twice…

One of the UK National Health Service boards hit by WannaCrypt earlier this year has again been infected by malware.

The Lanarkshire board manages the Hairmyres Hospital, Monklands Hospital, and Wishaw General Hospital in Scotland, and on Friday had to warn patients that it was only handling emergency cases.

Lanarkshire was one of the many NHS districts hit by the WannaCrypt/WannaCry ransomware attack earlier this year.

The latest infection took out the hospital's staff rostering and telephone systems, and on Saturday morning NHS Lanarkshire posted this brief statement on its Facebook page:

“Due to NHS Lanarkshire IT issues, the staff bank system and telephone are offline and currently unavailable” (“staff bank” refers not to a financial service, but the system that tracks available staff – El Reg).

At the time, NHS Lanarkshire expected a 72-hour outage, and CEO Calum Campbell attributed the outage to malware, with systems taken offline to contain the outbreak with help from its IT provider.

A couple of hours later on Saturday morning, it posted an update requesting that people avoid visiting emergency departments unless absolutely necessary.

By Sunday, Campbell posted that staff had “worked overnight to secure and reinstate our IT systems”, adding that affected systems “are in the process of being fixed”.

Campbell apologised to patients affected by the outage and promised that their appointments would be re-scheduled.

In an unrelated report, security outfit Proofpoint last Thursday said it had spotted a ransomware it dubbed “Defray” targeting hospitals, via Word files entitled “Patient Report”, in the US and UK. ®